Cyber Incident Victim: Driveline Retail Merch., Inc.
Date: Jan 2021
Location: United States of America
Summary
A phishing attack compromised Driveline Retail Merch., exposing current and former employees' sensitive personal and tax information, including names, addresses, dates of birth, Social Security numbers, wage details, and withholding data. The company offered affected individuals 12 months of credit monitoring services following the breach, with varying acceptance rates among employees. In subsequent litigation over the incident, a federal court denied the motion for class certification, despite allegations of unauthorized disclosure stemming from the cyberattack.
Description
The data breach involving Driveline Retail Merch., Inc. occurred when the company fell victim to a phishing attack, resulting in unauthorized access to sensitive employee information. The compromised data included current and former employees’ personally identifiable information and tax details, specifically names, addresses, zip codes, dates of birth, wage and withholding records, and Social Security numbers. This exposure created significant risks of identity theft and financial fraud for affected individuals. Following discovery of the breach, Driveline responded by offering impacted employees 12 months of credit monitoring services. Acceptance of this offer varied, with some employees enrolling in the protection services and others declining. The breach timeline indicates the phishing attack and subsequent data disclosure preceded January 19, 2021, when the related court decision was issued.

Legal proceedings emerged when a plaintiff filed a class-action lawsuit (McGlenn v. Driveline Retail Merch., Inc.) in the U.S. District Court for the Central District of Illinois, alleging harm from the exposure of sensitive tax and personal data. The litigation sought class certification to collectively represent all affected employees, but the court denied this motion in a January 19, 2021 ruling referenced as 2021 U.S. Dist. LEXIS 9532. This denial represented a significant procedural setback for plaintiffs attempting collective legal action against the employer. The case highlighted ongoing challenges in certifying classes for data breach claims, particularly regarding establishing common injury across proposed class members. No additional technical details about the phishing attack vector, intrusion timeline, or containment measures were disclosed in the available court records or associated legal commentary.
